Understanding Steganography.

Looking at the image below, one might say that it's nothing but a quote on privacy. But on the contrary, the image actually contains a hidden message.





(You can download this image from https://drive.google.com/file/d/1ZwtmYAwz1lOWrJjAWdE7m8awTvGjtp-H/view?usp=sharing and try uncovering the message yourself.)

Steganography is the practice of hiding or concealing secret messages, files or other data within or on top of something that is not secret. That "something" can be anything the hider chooses. Today it could be anything from images, audio files and PDFs to almost any digital content.

A common misconception about steganography is that it's a form of cryptography. This is incorrect: cryptography involves ciphering data into a meaningless form until a key pattern is used to decipher it, whereas steganography is only used to disguise and hide data in plain sight.

How is it done?


Steganography is most commonly done using an image as the object to hide the data in, but it can also be done in audio/video files, text files or even TCP packets sent over a network. The best-known way of hiding data in an image is the LSB (Least Significant Bit) method, in which the hider embeds the data into the least significant bits of the values that make up the image. This bit is often the alpha bit in the RGBA (Red Green Blue Alpha) color spectrum. The 'A' here stands for Alpha and is responsible for the opacity of the color, which isn't frequently used.
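
A minimal sketch of the LSB method described above, added here as an illustration and not part of the original post. It works on a constructed raw RGBA byte buffer instead of a real image file; the function names, the 16-bit length prefix and the sample message are assumptions made for the example. The last function is a check a defender can run: in an image that is meant to be fully opaque, alpha bytes that are not 255 point to tampering with the alpha channel.

```python
def embed(pixels: bytes, message: bytes, channel: int = 3) -> bytearray:
    """Hide message in the lowest bit of one channel (3 = alpha) per RGBA pixel."""
    payload = len(message).to_bytes(2, "big") + message  # assumed 16-bit length prefix
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels) // 4:
        raise ValueError("message too long for this cover image")
    out = bytearray(pixels)
    for n, bit in enumerate(bits):
        idx = n * 4 + channel
        out[idx] = (out[idx] & 0xFE) | bit  # overwrite only the least significant bit
    return out


def _read_bits(pixels: bytes, start: int, count: int, channel: int) -> int:
    """Collect `count` LSBs, one per pixel, starting at pixel `start`."""
    value = 0
    for n in range(start, start + count):
        value = (value << 1) | (pixels[n * 4 + channel] & 1)
    return value


def extract(pixels: bytes, channel: int = 3) -> bytes:
    """Recover a message written by embed(); raise if no plausible payload exists."""
    capacity = len(pixels) // 4
    if capacity < 16:
        raise ValueError("image too small to hold a payload")
    length = _read_bits(pixels, 0, 16, channel)
    if 16 + length * 8 > capacity:
        raise ValueError("no valid payload found")
    return bytes(_read_bits(pixels, 16 + i * 8, 8, channel) for i in range(length))


def non_opaque_pixels(pixels: bytes) -> int:
    """Defender's check: count alpha bytes that are not 255 in an opaque image."""
    return sum(1 for i in range(3, len(pixels), 4) if pixels[i] != 255)


# Constructed sample data: a 16x16 fully opaque grey image and a short message.
COVER = bytes([128, 128, 128, 255] * 256)
SECRET = b"hello"
STEGO = embed(COVER, SECRET)

if __name__ == "__main__":
    print("recovered:", extract(STEGO))
    print("largest per-byte change:", max(abs(a - b) for a, b in zip(COVER, STEGO)))
    print("non-opaque pixels, cover vs stego:",
          non_opaque_pixels(COVER), non_opaque_pixels(STEGO))
```

No byte changes by more than 1, which is why the result looks identical to the eye, yet every embedded 0 bit turns an alpha value of 255 into 254 and is visible to a simple statistical check.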

There are multiple apps, such as Stegosuite, Xiao and Steghide, which make it easy to conceal data. These applications can be used in the command line interface of the OS to embed or extract messages/data using the appropriate stego key.


How can it be used in Hacking?

Steganography can be used to hide malicious content like bash scripts in files that appear to be harmless. When this legitimate-looking file is run, the script will be executed and the malware, ransomware or computer virus from that file could take over the system. If the malicious file is hidden deep inside the face file, its execution would go undetected by antivirus software, allowing the malware to carry out its objectives without any restraints.

Using such tricks, hackers can easily infiltrate any system with nothing but an innocent-looking file that is actually a facade. So the next time you go to download and run a file without properly checking its legitimacy, remember, you are gambling with all of your data.

P.S. RTKXCEA was once deciphered by a Roman dictator.

